Package: xen-utils-3.2-1 Version: 3.2.0-4 Severity: important Tags: patch pygrub uses tools/libfsimage to read a guest filesystem. Unfortunately the grub derived code does not support 256 byte inodes. Grub itself has been patched (see #463236 and #463123) and this patch has now been applied to the upstream Xen tree. See <http://xenbits.xensource.com/staging/xen-unstable.hg?rev/c777e572a467> and attached.
However -- I would recommend that pygrub in Debian should be using the e2fslibs based backend rather than the grub derived code since this library is a much more canonical implementation of userspace ext2/3 and is likely to support newer features more reliably. This can be achieved with a build-dependency on e2fslibs-dev which will cause this alternative code to be built. Patch is attached. If you do not wish to go down this path then I would recommend either adding a build-conflicts (if such a thing exists) or patching tools/libfsimage/Makefile to always select the grub code otherwise you run the risk of the selection changing randomly depending on buildd configuration. Two patches are attached -- I guess you want one or the other. Cheers, Ian. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.18.8-xen (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages xen-utils-3.2-1 depends on: ii iproute 20080108-1 Professional tools to control the ii libc6 2.7-10 GNU C Library: Shared libraries ii libncurses5 5.6+20080405-1 Shared libraries for terminal hand ii libsdl1.2debian 1.2.13-2 Simple DirectMedia Layer ii libssl0.9.8 0.9.8g-8 SSL shared libraries ii libxenstore3.0 3.2.0-4 Xenstore communications library fo ii python 2.4.4-2 An interactive high-level object-o ii python-central 0.6.2 register and build utility for Pyt ii udev 0.114-2 /dev/ and hotplug management daemo ii xen-utils-common 3.2.0-2 XEN administrative tools - common ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages xen-utils-3.2-1 recommends: ii bridge-utils 1.4-1 Utilities for configuring the Linu ii xen-hypervisor-3.2-1-amd64 [x 3.2.0-4 The Xen Hypervisor on AMD64 -- no debconf information
Index: xen-3/debian/patches/tools-libfsimage-ext3-256-byte-inodes.diff =================================================================== --- xen-3/debian/patches/tools-libfsimage-ext3-256-byte-inodes.diff (revision 0) +++ xen-3/debian/patches/tools-libfsimage-ext3-256-byte-inodes.diff (revision 0) @@ -0,0 +1,106 @@ +# HG changeset patch +# User Keir Fraser <[EMAIL PROTECTED]> +# Date 1208335544 -3600 +# Node ID c777e572a4672f1ebddd95e95b94ca1e1e9e01ca +# Parent c3efeb3095ac8699d564cdbbe91ca214afe8e4d3 +[LIBFSIMAGE] Support 256 byte inodes on ext3 + +Patch taken from Debian grub package version 0.97-32. +See http://bugs.debian.org/463236 & http://bugs.debian.org/463123 + +Signed-off-by: Ian Campbell <[EMAIL PROTECTED]> + +diff -r c3efeb3095ac -r c777e572a467 tools/libfsimage/ext2fs/fsys_ext2fs.c +--- a/tools/libfsimage/ext2fs/fsys_ext2fs.c Wed Apr 16 09:32:45 2008 +0100 ++++ b/tools/libfsimage/ext2fs/fsys_ext2fs.c Wed Apr 16 09:45:44 2008 +0100 +@@ -77,7 +77,52 @@ struct ext2_super_block + __u32 s_rev_level; /* Revision level */ + __u16 s_def_resuid; /* Default uid for reserved blocks */ + __u16 s_def_resgid; /* Default gid for reserved blocks */ +- __u32 s_reserved[235]; /* Padding to the end of the block */ ++ /* ++ * These fields are for EXT2_DYNAMIC_REV superblocks only. ++ * ++ * Note: the difference between the compatible feature set and ++ * the incompatible feature set is that if there is a bit set ++ * in the incompatible feature set that the kernel doesn't ++ * know about, it should refuse to mount the filesystem. ++ * ++ * e2fsck's requirements are more strict; if it doesn't know ++ * about a feature in either the compatible or incompatible ++ * feature set, it must abort and not try to meddle with ++ * things it doesn't understand... ++ */ ++ __u32 s_first_ino; /* First non-reserved inode */ ++ __u16 s_inode_size; /* size of inode structure */ ++ __u16 s_block_group_nr; /* block group # of this superblock */ ++ __u32 s_feature_compat; /* compatible feature set */ ++ __u32 s_feature_incompat; /* incompatible feature set */ ++ __u32 s_feature_ro_compat; /* readonly-compatible feature set */ ++ __u8 s_uuid[16]; /* 128-bit uuid for volume */ ++ char s_volume_name[16]; /* volume name */ ++ char s_last_mounted[64]; /* directory where last mounted */ ++ __u32 s_algorithm_usage_bitmap; /* For compression */ ++ /* ++ * Performance hints. Directory preallocation should only ++ * happen if the EXT2_FEATURE_COMPAT_DIR_PREALLOC flag is on. ++ */ ++ __u8 s_prealloc_blocks; /* Nr of blocks to try to preallocate*/ ++ __u8 s_prealloc_dir_blocks; /* Nr to preallocate for dirs */ ++ __u16 s_reserved_gdt_blocks;/* Per group table for online growth */ ++ /* ++ * Journaling support valid if EXT2_FEATURE_COMPAT_HAS_JOURNAL set. ++ */ ++ __u8 s_journal_uuid[16]; /* uuid of journal superblock */ ++ __u32 s_journal_inum; /* inode number of journal file */ ++ __u32 s_journal_dev; /* device number of journal file */ ++ __u32 s_last_orphan; /* start of list of inodes to delete */ ++ __u32 s_hash_seed[4]; /* HTREE hash seed */ ++ __u8 s_def_hash_version; /* Default hash version to use */ ++ __u8 s_jnl_backup_type; /* Default type of journal backup */ ++ __u16 s_reserved_word_pad; ++ __u32 s_default_mount_opts; ++ __u32 s_first_meta_bg; /* First metablock group */ ++ __u32 s_mkfs_time; /* When the filesystem was created */ ++ __u32 s_jnl_blocks[17]; /* Backup of the journal inode */ ++ __u32 s_reserved[172]; /* Padding to the end of the block */ + }; + + struct ext2_group_desc +@@ -215,6 +260,9 @@ struct ext2_dir_entry + /* linux/ext2_fs.h */ + #define EXT2_ADDR_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s) / sizeof (__u32)) + #define EXT2_ADDR_PER_BLOCK_BITS(s) (log2(EXT2_ADDR_PER_BLOCK(s))) ++ ++#define EXT2_INODE_SIZE(s) (SUPERBLOCK->s_inode_size) ++#define EXT2_INODES_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s)/EXT2_INODE_SIZE(s)) + + /* linux/ext2_fs.h */ + #define EXT2_BLOCK_SIZE_BITS(s) ((s)->s_log_block_size + 10) +@@ -537,7 +585,7 @@ ext2fs_dir (fsi_file_t *ffi, char *dirna + gdp = GROUP_DESC; + ino_blk = gdp[desc].bg_inode_table + + (((current_ino - 1) % (SUPERBLOCK->s_inodes_per_group)) +- >> log2 (EXT2_BLOCK_SIZE (SUPERBLOCK) / sizeof (struct ext2_inode))); ++ >> log2 (EXT2_INODES_PER_BLOCK (SUPERBLOCK))); + #ifdef E2DEBUG + printf ("inode table fsblock=%d\n", ino_blk); + #endif /* E2DEBUG */ +@@ -549,13 +597,12 @@ ext2fs_dir (fsi_file_t *ffi, char *dirna + /* reset indirect blocks! */ + mapblock2 = mapblock1 = -1; + +- raw_inode = INODE + +- ((current_ino - 1) +- & (EXT2_BLOCK_SIZE (SUPERBLOCK) / sizeof (struct ext2_inode) - 1)); ++ raw_inode = (struct ext2_inode *)((char *)INODE + ++ ((current_ino - 1) & (EXT2_INODES_PER_BLOCK (SUPERBLOCK) - 1)) * ++ EXT2_INODE_SIZE (SUPERBLOCK)); + #ifdef E2DEBUG + printf ("ipb=%d, sizeof(inode)=%d\n", +- (EXT2_BLOCK_SIZE (SUPERBLOCK) / sizeof (struct ext2_inode)), +- sizeof (struct ext2_inode)); ++ EXT2_INODES_PER_BLOCK (SUPERBLOCK), EXT2_INODE_SIZE (SUPERBLOCK)); + printf ("inode=%x, raw_inode=%x\n", INODE, raw_inode); + printf ("offset into inode table block=%d\n", (int) raw_inode - (int) INODE); + for (i = (unsigned char *) INODE; i <= (unsigned char *) raw_inode; Index: xen-3/debian/patches/series =================================================================== --- xen-3/debian/patches/series (revision 545) +++ xen-3/debian/patches/series (working copy) @@ -11,7 +11,8 @@ tools-ioemu-config.diff tools-pygrub-prefix.diff tools-libfsimage-prefix.diff +tools-libfsimage-ext3-256-byte-inodes.diff disable-features.diff tools-misc-xend-race.diff doc-remove-unused.diff CVE-2008-0928
Index: xen-3/debian/templates/control.source.in =================================================================== --- xen-3/debian/templates/control.source.in (revision 545) +++ xen-3/debian/templates/control.source.in (working copy) @@ -3,7 +3,7 @@ Priority: extra Maintainer: Debian Xen Team <[EMAIL PROTECTED]> Uploaders: Julien Danjou <[EMAIL PROTECTED]>, Jeremy T. Bouse <[EMAIL PROTECTED]>, Guido Trotter <[EMAIL PROTECTED]>, Bastian Blank <[EMAIL PROTECTED]> -Build-Depends: debhelper (>= 5.0.37.2), python-dev (>= 2.3), libsdl1.2-dev, bcc, lsb-release, python-central (>= 0.5), quilt, zlib1g-dev, libjpeg-dev, libncurses5-dev, libssl-dev, libvncserver-dev, gcc-multilib [amd64] +Build-Depends: debhelper (>= 5.0.37.2), python-dev (>= 2.3), libsdl1.2-dev, bcc, lsb-release, python-central (>= 0.5), quilt, zlib1g-dev, libjpeg-dev, libncurses5-dev, libssl-dev, libvncserver-dev, gcc-multilib [amd64], e2fslibs-dev Build-Depends-Indep: graphviz, gs-common, texlive-fonts-recommended, texlive-latex-recommended Standards-Version: 3.7.2.0 XS-Python-Version: current
